Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
03-27-2001, 08:09 AM
|
#1
|
LQ Newbie
Registered: Mar 2001
Posts: 6
Rep:
|
Hi all,
I'm new to this list, so I hope this hasn't been asked before. A friend of mine (a Java developer) wrote a little TCP port scanning tool for me and it's showing some open ports, and I was wondering if you could point me in the right direction to get them closed.
I've got 2 different servers I'm working on, one is Red Hat 6.2 and the other is Red Hat 7.
Here are the TCP ports:
111
113
513
514
515
Also, port 53 is open on TCP for DNS, but I do not do any zone transfers; can (and how) do I shut that port down?
Thanks in advance,
--John
|
|
|
03-29-2001, 07:43 PM
|
#2
|
Member
Registered: Jan 2001
Location: work
Distribution: Redhat, Mandrake
Posts: 33
Rep:
|
You can try going into your inetd.conf and commenting out the services that pertain to that port. See if that works. I had the same problem and that is how I solved it.
Mike
|
|
|
03-30-2001, 06:40 AM
|
#3
|
LQ Guru
Registered: Jan 2001
Posts: 24,149
|
Remember though, RH 7 doesn't have inetd anymore, it's xinetd.
|
|
|
03-30-2001, 01:32 PM
|
#4
|
Member
Registered: Jan 2001
Location: work
Distribution: Redhat, Mandrake
Posts: 33
Rep:
|
That's right, you can try commenting it out in /etc/services, right?
|
|
|
03-30-2001, 02:07 PM
|
#5
|
Member
Registered: Mar 2001
Location: D/FW
Posts: 75
Rep:
|
Yes, you can comment it out there.
|
|
|
04-02-2001, 09:00 AM
|
#6
|
LQ Newbie
Registered: Mar 2001
Posts: 6
Original Poster
Rep:
|
Hi - That's the sneaky thing about this, 111 is commented out in the /etc/services, but that port is still accepting connections.
Any thoughts?
--John
|
|
|
04-02-2001, 02:23 PM
|
#7
|
root 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,630
|
Port 111 is for portmapper (which is used for NFS). If you kill portmapper it will close the port.
|
|
|
04-05-2001, 07:01 AM
|
#8
|
LQ Newbie
Registered: Mar 2001
Posts: 6
Original Poster
Rep:
|
Thanks jeremy, that did it.
--John
|
|
|
11-26-2003, 10:30 PM
|
#9
|
Senior Member
Registered: Nov 2003
Location: Western Australia
Distribution: GUI Ubuntu, Server Ubuntu, HamPi, Skywave, DragonOS, many other's
Posts: 1,058
Rep:
|
Hi guys, I'm working on the same thing.
I've used the command nmap myIP
and my result is
Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2003-11-27 00:28 WST
Interesting ports on 10.x.x.x:
(The 1652 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
443/tcp open https
Nmap run completed -- 1 IP address (1 host up) scanned in 8.013 seconds
Now to close a port you just comment out the ones you want, right?
sunrpc 111/tcp portmapper # RPC 4.0 portmapper TCP
sunrpc 111/udp portmapper # RPC 4.0 portmapper UDP
Is it both of them? like so
#sunrpc 111/tcp portmapper # RPC 4.0 portmapper TCP
#sunrpc 111/udp portmapper # RPC 4.0 portmapper UDP
tommytomato 
|
|
|
11-27-2003, 08:28 AM
|
#10
|
Moderator
Registered: May 2001
Posts: 29,417
|
Is it both of them? like so
#sunrpc 111/tcp portmapper # RPC 4.0 portmapper TCP
#sunrpc 111/udp portmapper # RPC 4.0 portmapper UDP
Yes, that's how you comment out stuff, but what file are you editing?
I hope it's not /etc/services...
|
|
|
11-27-2003, 09:10 AM
|
#11
|
Member
Registered: Jul 2003
Location: Göteborg
Distribution: Arch Linux (current)
Posts: 553
Rep:
|
It won't help to just comment out lines in /etc/services when you want to close ports. Shut down the daemons listening; for some distros you can list the running services with chkconfig --list, and then shut down the unwanted services with some other chkconfig option(s); see the man page. And then set up iptables using your favourite editor or quicktables or shorewall or whatever other frontend.
|
|
|
11-27-2003, 01:22 PM
|
#12
|
Senior Member
Registered: Oct 2002
Location: Belgium
Distribution: Debian, Free/OpenBSD
Posts: 1,123
Rep:
|
tommytomato:
If you don't need the running services at all do this:
look for the symlinks to the scripts in /etc/rcX.d (where X is the runlevel number) and delete them.
Then stop them:
/sbin/service <nameservice> stop (for RH compatible I believe)
/etc/init.d/<nameservice> stop (the rest?)
Maybe they get started through xinetd; in that case you should search for them in
/etc/xinetd.d, edit the script and set disable yes.
Then restart xinetd: /sbin/service xinetd restart (for RH compatible) or just /etc/init.d/xinetd restart (the rest?)
|
|
|
11-27-2003, 06:44 PM
|
#13
|
Senior Member
Registered: Nov 2003
Location: Western Australia
Distribution: GUI Ubuntu, Server Ubuntu, HamPi, Skywave, DragonOS, many other's
Posts: 1,058
Rep:
|
Thanks guys,
what I'm trying to do is make my server as secure as possible.
I have my server hooked up to an ADSL unit and port 80 is the only one open,
so it should be safe.
But when I run nmap localhost
I get this:
[root@www root]# nmap localhost
Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2003-11-27 20:27 WST
Interesting ports on www.rockinghamgateway.com (127.0.0.1):
(The 1647 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
80/tcp open http
111/tcp open rpcbind
443/tcp open https
631/tcp open ipp
783/tcp open hp-alarm-mgr
3306/tcp open mysql
10000/tcp open snet-sensor-mgmt
Nmap run completed -- 1 IP address (1 host up) scanned in 2.751 seconds
and then if i run the IP eth0 #nmap 10.1.1.9
Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2003-11-27 20:34 WST
Interesting ports on 10.1.1.9:
(The 1650 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp <---- IS FTP
22/tcp open ssh <----sshd
80/tcp open http <-----Apache webserver
111/tcp open rpcbind <-----I think its portmapper
443/tcp open https <---secure webserver
3306/tcp open mysql <---- is mysqld
10000/tcp open snet-sensor-mgmt <--- is this webmin ???
Nmap run completed -- 1 IP address (1 host up) scanned in 23.011 seconds
Iceman47, so you're saying to do it like this?
Then stop them:
/sbin/service <rpcbind> stop (for RH compatible I believe)
/etc/init.d/<rpcbind> stop (the rest?)
My OS is Fedora Core 1 running just a shell, no GUI. I have startx working
and most of my setup is done, apart from blocking ports.
I am at a loss with this... the main ones I would be looking to block are ports 111, 783, 631...
As I am a new user I don't know a lot about it!
Can anyone explain this in simple terms, as in do I need to block or don't I need to block any?
tommytomato 
|
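An added example, not part of any post in this thread: a port that shows up when scanning localhost but not the eth0 address usually belongs to a daemon bound to 127.0.0.1 only. The script below classifies `netstat -tlnp` listeners by bind address and owning program; the sample netstat output, PIDs and program names are constructed to mirror the two scans above.

```shell
#!/bin/sh
# Added example. Reads `netstat -tlnp` text on stdin and prints
# "port scope program" for every TCP listener.
classify_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")        # local address: 0.0.0.0:111, :::22, ::1:631
            port = a[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            scope = (addr == "127.0.0.1" || addr == "::1") ? "loopback" : "external"
            prog = $7
            sub(/^[0-9]+\//, "", prog)   # "512/portmap" -> "portmap"
            print port, scope, prog
        }' | sort -n | uniq
}

# Space-separated port list for one scope ("external" or "loopback").
ports_in_scope() {
    classify_listeners | awk -v s="$1" '$2 == s { print $1 }' | paste -sd' ' -
}

# Constructed sample input (not captured from the poster's machine).
sample_netstat() { cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp   0      0      0.0.0.0:21       0.0.0.0:*        LISTEN  701/vsftpd
tcp   0      0      0.0.0.0:22       0.0.0.0:*        LISTEN  650/sshd
tcp   0      0      127.0.0.1:25     0.0.0.0:*        LISTEN  801/sendmail
tcp   0      0      0.0.0.0:80       0.0.0.0:*        LISTEN  900/httpd
tcp   0      0      0.0.0.0:111      0.0.0.0:*        LISTEN  512/portmap
tcp   0      0      0.0.0.0:443      0.0.0.0:*        LISTEN  900/httpd
tcp   0      0      127.0.0.1:631    0.0.0.0:*        LISTEN  720/cupsd
tcp   0      0      127.0.0.1:783    0.0.0.0:*        LISTEN  760/spamd
tcp   0      0      0.0.0.0:3306     0.0.0.0:*        LISTEN  840/mysqld
tcp   0      0      0.0.0.0:10000    0.0.0.0:*        LISTEN  950/perl
EOF
}

# Show every listener with its scope and owning program.
sample_netstat | classify_listeners
```

On a live host, run `netstat -tlnp | classify_listeners` as root so the program column is populated.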
|
|
11-27-2003, 07:38 PM
|
#14
|
Senior Member
Registered: Oct 2002
Location: Belgium
Distribution: Debian, Free/OpenBSD
Posts: 1,123
Rep:
|
Quote:
Originally posted by tommytomato
"10000/tcp open snet-sensor-mgmt <--- is this webmin ???"
|
Yes
Quote:
Iceman47, so you're saying to do it like this?
Then stop them:
/sbin/service <rpcbind> stop (for RH compatible I believe)
/etc/init.d/<rpcbind> stop (the rest?)
|
If you want to stop rpcbind do /sbin/service portmap stop.
But that won't survive a reboot, so you have 2 options:
* remove the actual script (<-not that smart in case you do need it at a later date)
* remove the symlink to the script.
A symlink is a symbolic link to a file, like a shortcut in windoze.
You'll find those symlinks in the runlevel folders (/etc/rc0.d -> /etc/rc6.d)
So if you want to disable portmap (rpcbind) remove all the symlinks ending with
portmap in /etc/rc0.d through /etc/rc6.d.
Reboot and you'll notice portmapper (rpcbind) won't run anymore
repeat for everything you want to see disabled
Others get started from xinetd like I said before, but I think that explanation
was clear.
What you want to disable is up to you, just disable services you don't need.
|
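An added example, not code from any poster: a check that a service will stay off after a reboot, covering both places named in the posts above (start symlinks in /etc/rc0.d through /etc/rc6.d, and xinetd entries without `disable = yes`). The ROOT argument and the constructed directory tree are assumptions made so the script can be tried without touching a real /etc.

```shell
#!/bin/sh
# Added example. Both functions take a ROOT prefix ("" or "/" on a live host).

# Print start links (S??service) that would launch SERVICE at boot.
start_links() {  # usage: start_links ROOT SERVICE
    for l in "$1"/etc/rc[0-6].d/S[0-9][0-9]"$2"; do
        [ -e "$l" ] || [ -L "$l" ] || continue   # unmatched glob stays literal
        echo "${l#"$1"}"
    done
}

# Print xinetd services that are still enabled, i.e. files in
# ROOT/etc/xinetd.d with no uncommented "disable = yes" line.
xinetd_enabled() {  # usage: xinetd_enabled ROOT
    for f in "$1"/etc/xinetd.d/*; do
        [ -f "$f" ] || continue
        awk -v name="${f##*/}" '
            /^[ \t]*#/ { next }
            { s = $0; gsub(/[ \t]/, "", s); if (s == "disable=yes") off = 1 }
            END { if (!off) print name }' "$f"
    done
}

# Constructed tree standing in for / on a SysV-init host.
demo_root() {
    r=$(mktemp -d)
    mkdir -p "$r/etc/init.d" "$r/etc/xinetd.d" "$r/etc/rc3.d" "$r/etc/rc5.d"
    : > "$r/etc/init.d/portmap"
    ln -s ../init.d/portmap "$r/etc/rc3.d/S13portmap"   # still starts in runlevel 3
    ln -s ../init.d/portmap "$r/etc/rc5.d/K87portmap"   # kill link only
    printf 'service rsh\n{\n\tdisable = yes\n}\n'   > "$r/etc/xinetd.d/rsh"
    printf 'service rlogin\n{\n\tdisable = no\n}\n' > "$r/etc/xinetd.d/rlogin"
    echo "$r"
}

root=$(demo_root)
start_links "$root" portmap     # prints /etc/rc3.d/S13portmap
xinetd_enabled "$root"          # prints rlogin
rm -rf "$root"
```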
|
|
11-27-2003, 09:07 PM
|
#15
|
Senior Member
Registered: Nov 2003
Location: Western Australia
Distribution: GUI Ubuntu, Server Ubuntu, HamPi, Skywave, DragonOS, many other's
Posts: 1,058
Rep:
|
Thank you,
I'll work through it.
I do have a prob, I think:
my site won't show. If I switch to the XP IIS it works, but if I switch back to the Linux webserver, we get page can't be found.
Do my per look ok?
[root@www root]# ls -al /var/www/html
total 84
drwxrwxr-x 5 root gateway 4096 Nov 27 09:22 .
drwxr-xr-x 7 root root 4096 Nov 27 03:11 ..
drwxr-xr-x 11 tommytomato tommytomato 4096 Nov 27 09:24 community
-rw-r--r-- 1 tommytomato tommytomato 2494 Nov 27 08:24 favicon.ico
drwxr-xr-x 3 tommytomato tommytomato 4096 Nov 27 08:24 images
-rw-r--r-- 1 tommytomato tommytomato 7575 Nov 27 08:24 index_behind.php
-rw-r--r-- 1 tommytomato tommytomato 8040 Nov 27 08:24 index.php
-rw-r--r-- 1 tommytomato tommytomato 30737 Nov 27 08:24 mm_menu.js
-rw-r--r-- 1 tommytomato tommytomato 8362 Nov 27 09:07 notes.txt
drwxrwxr-x 2 root gateway 4096 Nov 27 09:52 usage
[root@www root]#
I'm wondering if I have to add index.php in using webmin; I think it's only got index.html
tommytomato

|
|
|